chore(deps): replace k8s.io/apimachinery/pkg/util/errors with errors.Join

Drop use of k8s.io/apimachinery/pkg/util/errors.NewAggregate and replace
to with errors.Join which is available in stdlib since Go 1.20.

This allows to drop one dependency (which itself brings its own
contraints in its go.mod) and use more standard behavior.

Author: dolmen

CHANGELOG.md

@@ -4,6 +4,10 @@
 
 ## Important Notes
 
+Use of [`k8s.io/apimachinery/pkg/util/errors.NewAggregate`](https://pkg.go.dev/k8s.io/apimachinery/pkg/util/errors#NewAggregate)
+is removed and replaced by standard [`errors.Join`](https://pkg.go.dev/errors#Join) (available since Go 1.20) which allows
+standard unwrapping of errors.
+
 ## Breaking Changes
 
 ## Changes since v7.9.0

go.mod

@@ -39,7 +39,6 @@ require (
 	golang.org/x/sync v0.12.0
 	google.golang.org/api v0.228.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
-	k8s.io/apimachinery v0.32.3
 )
 
 require (

go.sum

@@ -263,5 +263,3 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
-k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=

pkg/middleware/jwt_session.go

@@ -10,7 +10,6 @@ import (
 	middlewareapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/middleware"
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
-	k8serrors "k8s.io/apimachinery/pkg/util/errors"
 )
 
 const jwtRegexFormat = `^ey[a-zA-Z0-9_-]*\.ey[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]+$`
@@ -89,7 +88,7 @@ func (j *jwtSessionLoader) getJwtSession(req *http.Request) (*sessionsapi.Sessio
 		return session, nil
 	}
 
-	return nil, k8serrors.NewAggregate(errs)
+	return nil, errors.Join(errs...)
 }
 
 // findTokenFromHeader finds a valid JWT token from the Authorization header of a given request.

pkg/middleware/jwt_session_test.go

@@ -19,7 +19,6 @@ import (
 	sessionsapi "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	k8serrors "k8s.io/apimachinery/pkg/util/errors"
 )
 
 type noOpKeySet struct {
@@ -302,10 +301,10 @@ Nnc3a3lGVWFCNUMxQnNJcnJMTWxka1dFaHluYmI4Ongtb2F1dGgtYmFzaWM=`
 			}),
 			Entry("Bearer <nonVerifiedToken>", getJWTSessionTableInput{
 				authorizationHeader: fmt.Sprintf("Bearer %s", nonVerifiedToken),
-				expectedErr: k8serrors.NewAggregate([]error{
+				expectedErr: errors.Join(
 					errors.New("unable to verify bearer token"),
 					errors.New("oidc: malformed jwt: oidc: malformed jwt payload: illegal base64 data at input byte 8"),
-				}),
+				),
 				expectedSession: nil,
 			}),
 			Entry("Bearer <verifiedToken>", getJWTSessionTableInput{
@@ -315,10 +314,10 @@ Nnc3a3lGVWFCNUMxQnNJcnJMTWxka1dFaHluYmI4Ongtb2F1dGgtYmFzaWM=`
 			}),
 			Entry("Basic Base64(<nonVerifiedToken>:) (No password)", getJWTSessionTableInput{
 				authorizationHeader: "Basic ZXlKZm9vYmFyLmV5SmZvb2Jhci4xMjM0NWFzZGY6",
-				expectedErr: k8serrors.NewAggregate([]error{
+				expectedErr: errors.Join(
 					errors.New("unable to verify bearer token"),
 					errors.New("oidc: malformed jwt: oidc: malformed jwt payload: illegal base64 data at input byte 8"),
-				}),
+				),
 				expectedSession: nil,
 			}),
 			Entry("Basic Base64(<verifiedToken>:x-oauth-basic) (Sentinel password)", getJWTSessionTableInput{

pkg/providers/oidc/provider_verifier.go

@@ -10,7 +10,6 @@ import (
 	"os"
 
 	"github.com/coreos/go-oidc/v3/oidc"
-	k8serrors "k8s.io/apimachinery/pkg/util/errors"
 )
 
 // ProviderVerifier represents the OIDC discovery and verification process
@@ -75,7 +74,7 @@ func (p ProviderVerifierOptions) validate() error {
 	}
 
 	if len(errs) > 0 {
-		return k8serrors.NewAggregate(errs)
+		return errors.Join(errs...)
 	}
 	return nil
 }

providers/providers.go

@@ -2,14 +2,14 @@ package providers
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/url"
 
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
 	internaloidc "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/providers/oidc"
-	k8serrors "k8s.io/apimachinery/pkg/util/errors"
 )
 
 const (
@@ -135,7 +135,7 @@ func newProviderDataFromConfig(providerConfig options.Provider) (*ProviderData,
 	errs = append(errs, p.compileLoginParams(providerConfig.LoginURLParameters)...)
 
 	if len(errs) > 0 {
-		return nil, k8serrors.NewAggregate(errs)
+		return nil, errors.Join(errs...)
 	}
 
 	// Make the OIDC options available to all providers that support it